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In the claims : The claims are changed to be as follows: 

1. (Currently amended) A system for providing an analysis of use 
in managing risk, the system comprising: 

a) a knowledge base, for maintaining a generic risk record 
including a plurality of fields at least some of which have 
subjective or quantitative va 1 ue s with the subjective values 
synchronized to numerical values based on experience gained over 
time ; 

b) a data store of profiles, for maintaining a profile risk 
record associated with a particular profile and including the same 
plurality of fields as the generic risk record, the profile risk 
record for use in providing a risk assessment in the associated 
profile; and 

c) a risk processor, for updating a field value at least one 
of the subjective or quantitative values of the generic risk record 
based on a corresponding field value in the profile risk record in 
the data store of profiles; 

whereby at least some of the subjective or quantitative field 
values of the generic risk record are refined over time based on 
values of the corresponding fields of the profile risk record. 

2. (Currently amended) The system of claim 1, wherein some of the 
ficldo in the generic risk record or the profile riok record arc 
subjective or quantitative values are values of measuring fields 
input by the user, and others of the ficldo are are values of 
calculated fields calculated by the system, and the system allows 
different modes of analysis in which the fields that are the 
measuring fields differ. 

3. (Original) The system of claim 2, wherein the modes of analysis 
include : 
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a residual assessment mode, in which a user selects inherent 
values of likelihood and consequence for a risk, and a value, for 
each control for the risk, for effectiveness in either preventing 
the risk or reducing the consequence of the risk, and the system 
then calculates residual levels of likelihood, consequence and risk 
rating for the risk; 

an inherent assessment mode, in which a user selects residual 
values of likelihood and consequence for a risk, and a value, for 
each control for the risk, for effectiveness in either preventing 
the risk or in reducing the consequence of the risk, and the system 
then calculates the inherent levels of likelihood, consequence and 
risk rating for the risk; and 

a controls self -assessment mode, in which a user selects 
inherent values of likelihood and consequence for a risk, as well 
as residual values of likelihood and consequence for the risk, and 
the system then calculates the effectiveness of predetermined 
controls needed to either prevent the risk or to reduce the 
consequence of the risk. 

4. (Previously presented) The system of claim 1, wherein the 
system can be used in different modes of use, and further wherein 
only some of the fields of the generic risk record or the profile 
risk record are required to be us^d in the risk management 
analysis, and which of the fields are required depends on the mode 
of use. 

5. (Previously presented) The system of claim 4, wherein both the 
generic risk record and the profile risk record each comprise: 

a) a risk component, for indicating a risk, for indicating an 
inherent risk rating, and also for indicating a residual risk 
rating; 

b) a cause component, for indicating the cause of the risk; 
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c) a consequence component, for indicating a particular 
consequence of the risk and an inherent and a residual cost of the 
particular consequence; and 

d) a control component, for indicating a control, for 
indicating whether the control is corrective or preventive, and for 
indicating the effectiveness of the control. 

6. (Previously presented) The system of claim 5, wherein in one 
mode of use an inherent risk impact cost is aggregated over the 
inherent cost of each consequence of the risk. 

7. (Previously presented) The system of claim 5, wherein in one 
mode of use the residual likelihood is an aggregate calculation 
based on the effectiveness of each preventive control acting on an 
inherent 1 ikel ihood . 

8. (Previously presented) The system of claim 5, wherein in one 
mode of use a residual risk impact cost is aggregated over the 
residual cost of each consequence of the risk. 

9. (Original) The system of claim 1, further comprising a 
scripting facility for enabling a user to create a script directing 
how a risk management process is to be performed, the script 
indicating steps that can be used in performing risk analysis in 
any profile. 

10. (Previously presented) The system of claim 1, further wherein 
the risk processor also uses the generic risk record to provide 
initial values for the profile risk record, whereby the profile 
risk record has initial values based on experience gained over 
time . 

11. (Currently amended) A method for use by a system in providing 
an analysis of use in managing risk, comprising: 

-4- 



Attorney Docket No.: 2-591.5 
Serial No.: 09/774,538 

a) a step of maintaining a generic risk record including a 
plurality of fields at least some of which have subjective or 
quantitative values with the subjective values synchronized to 
numerical values baocd on experience gained over time ; 

b) a step of maintaining a profile risk record associated with 
a particular profile and including the same plurality of fields as 
the generic risk record, the profile risk record for use in 
providing a risk assessment in the associated profile; and 

c) a step of updating at least one of the subjective or 
quantitative values a field value of the generic risk record based 
on a corresponding field value in the profile risk record in the 
data store of profiles . 

12. (Currently amended) The method of claim 11, wherein some of 
the subjective or quantitative values are values of ficldo in the 
generic risk record or the profile risk record arc measuring fields 
input by the user, and others are values of of the fields arc 
calculated fields calculated by the system, and the method allows 
different modes of analysis in which the fields that are the 
measuring fields differ. 

13. (Previously presented) The method of claim 12, wherein the 
modes of analysis include: 

a residual assessment mode, in which a user selects inherent 
values of likelihood and consequence for a risk, and a value, for 
each control for the risk, for effectiveness in either preventing 
the risk or reducing the consequence of the risk, and the method 
then calculates residual levels of likelihood, consequence and risk 
rating for the risk; 

an inherent assessment mode, in which a user selects residual 
values of likelihood and consequence for a risk, and a value, for 
each control for the risk, for effectiveness in either preventing 
the risk or in reducing the consequence of the risk, and the method 
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then calculates the inherent levels of likelihood, consequence and 
risk rating for the risk; and 

a controls self -assessment mode, in which a user selects 
inherent values of likelihood and consequence for a risk, as well 
as residual values of likelihood and consequence for the risk, and 
the method then calculates the effectiveness of predetermined 
controls needed to either prevent the risk or to reduce the 
consequence of the risk. 

14. (Previously presented) The method of claim 11, wherein the 
method can be used in different modes of use, and further wherein 
only some of the fields of the generic risk record or the profile 
risk record are required to be used in the risk management 
analysis, and which of the fields are required depends on the mode 
of use . 

15. (Previously presented) The method of claim 14, wherein both 
the generic risk record and the profile risk record each comprise: 

a) a risk component, for indicating a risk, for indicating an 
inherent risk rating, and also for indicating a residual risk 
rating; 

b) a cause component, for indicating the cause of the risk; 

c) a consequence component, for indicating a particular 
consequence of the risk and an inherent and a residual cost of the 
particular consequence; and 

d) a control component, for indicating a control, for 
indicating whether the control is corrective or preventive, and for 
indicating the effectiveness of the control. 

16. (Previously presented) The method of claim 15, wherein in one 
mode of use an inherent risk impact cost is aggregated over the 
inherent cost of each consequence of the risk. 



-6- 



Attorney Docket No.: 2-591.5 
Serial No.: 09/774,538 

17. (Previously presented) The method of claim 15, wherein in one 
mode of use the residual likelihood is an aggregate calculation 
based on the effectiveness of each preventive control acting on an 
inherent 1 ikel ihood . 

18. (Previously presented) The method of claim 15, wherein in one 
mode of use a residual risk impact cost is aggregated over the 
residual cost of each consequence of the risk. 

19. (Previously presented) The method of claim 11, further 
comprising a step of using a scripting facility to enable a user to 
create a script directing how a risk management process is to be 
performed, the script indicating steps that can be used in 
performing risk analysis in any profile. 

20. (Previously presented) The method of claim 11, further wherein 
the risk processor also uses the generic risk record to provide 
initial values for the profile risk record, whereby the profile 
risk record has initial values based on experience gained over 
time . 
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